php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #74367 do not support stack cookies
Submitted: 2017-04-04 03:48 UTC Modified: 2017-05-04 15:13 UTC
From: r at ramon dot ph Assigned:
Status: Not a bug Package: mysqlnd_ms (PECL)
PHP Version: 5.6.30 OS: Amazon Linux AMI 2016.09
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: r at ramon dot ph
New email:
PHP Version: OS:

 

 [2017-04-04 03:48 UTC] r at ramon dot ph 
Description:
------------
We are doing "Runtime Behavior Analysis" on our Amazon EC2 instance and one of the rules for it is "Software Without Stack Cookies". The analysis said:

The following executable files on instance i-9bb14a8d do not support stack cookies: /usr/lib64/php/5.6/modules/mysqlnd_ms.so.
This rule detects the presence of third-party software that is compiled without support for stack cookies. Stack cookies increase system security by defending against stack-based buffer overflow and other memory corruption attacks.

Is it possible to do this build option? Preferably via PECL and not a self-compile as it will be easier to maintain than us building and keeping track of its updates.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-04 05:42 UTC] stas@php.net
-Type: Security +Type: Bug
 [2017-04-04 05:43 UTC] stas@php.net
-Status: Open +Status: Not a bug
 [2017-04-04 05:43 UTC] stas@php.net 
We do not distribute binaries for Linux, so I'd recommend to contact the distro that the file came from.
 [2017-05-03 18:57 UTC] jschwartz at emfluence dot com 
I also got some recommendations like this, but with other PHP packages. Were you able to resolve the issue?
 [2017-05-04 15:13 UTC] r at ramon dot ph 
No we weren't able to. We also tried contacting the authors but it seemed like they disappeared off the face of the earth around 2 years ago. No social media account updates no nothing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Dec 27 17:01:30 2024 UTC